Bank De-Risking Likely to Trump Calls for Financial Inclusion

For Some Activities Risk Avoidance Makes More Sense Than Risk Management

On September 8^th, the Hong Kong Monetary Authority (HKMA) issued a circular to the CEOs of all Authorized (financial) Institutions (AIs) in the HKSAR (Hong Kong Special Administrative Region) entitled “De-risking and Financial Inclusion”.

The circular sets forth the HKMA’s expectations (read “instructions”) that AIs adopt a risk based approach (RBA) to implementing anti-money laundering AML) and countering the financing of terrorism (CFT) regulations and cease the practice of de-risking, that is refusing to open or maintain accounts for certain customers.

As outlined below, the HKMA is rowing against some very powerful tides.  The circular is unlikely to have the stated desired effect.

Some quotes from the circular to set the stage for this post.  I’ve added boldface to highlight certain points. 

Noting the progressive tightening of AML regulations over recent years the HKMA states “While it is important to ensure that AML/CFT controls are sufficiently robust and comply with all the relevant regulatory requirements, the HKMA expects AIs to adopt a risk-based approach (RBA) and refrain from adopting practices that would result in financial exclusion, particularly in respect of the need for bona fide businesses to have access to basic banking services.”  

In a similar vein, the HKMA defines “de-risking” as “The phenomenon of banks declining or discontinuing business relationships with customers or categories of customers to avoid, rather than manage, the risk involved. “

On the subject of an RBA, the HKMA makes the following points: 

"RBA does not require or expect a “zero failure” outcome. While AIs should take all reasonable measures to identify ML/TF risks at the account opening stage and, for existing customers, on an ongoing basis, it is unrealistic to expect that no ML/TF activities would ever occur through the banking system. AIs are not required to implement overly stringent CDD processes with a view to eliminating, ex-ante, all risks. Otherwise, such an approach would result in a large number of bona fide businesses and individuals not being able to open or maintain accounts. CDD is only one part of an effective AML/CFT regime. AIs are also required to implement a system that can monitor and detect suspicious transactions in order to report them to the relevant authorities and take the necessary mitigating measures, such as enhanced CDD."

News reports suggest that the HKMA's action was occasioned by several banks “tossing” existing customers.   Bloomberg refers to the alleged abrupt closure by HSBC of accounts of a long standing client that is an offshore fund. 

That’s borne out in the circular itself which also notes the refusal of some unnamed FIs in the HKSAR refused to accept new clients or set “onerous” requirements.  See the annex to the circular.

The HKMA’s circular follows one issued in late August by five US regulators of financial institutions in the country.  Yes, you read that right “five”.   Apparently one regulator is insufficient for the USA's financial sector.  It's that big!  That circular also contained an appeal for banks to adopt a RBA, but did not include the HKMA’s statement that it didn’t expect RBA AML/CFT to prevent all illegal transactions.  Instead the five US regulators offered the comforting thought that “the Treasury and the FBAs do not utilize a zero tolerance philosophy that mandates the strict imposition of formal enforcement action regardless of the facts and circumstances of the situation”.  

I trust like AA you find those words comforting in a particularly baffling way.  Are these regulators saying that existing regulations allow them to take formal enforcement action regardless of facts and circumstances but that they will kindly forbear from exercising these powers?  Instead might they apply strict non formal enforcement actions? On that score, what is a “strict” imposition and how does it differ from a “strict” enforcement action?  Or are they saying that existing US laws and regulations are so written that they could impose draconian penalties for a “slip or two” in compliance?  Finally, if the posture of the regulators is based on a “philosophy” and not the law, could that “philosophy” change with the next administration? If that’s the case, should banks be advised to prepare for the worst?       

The widespread use of the US dollar in both commercial and financial transactions and the propensity of the US to use that position to levy fines and impose extraterritorial requirements make US regulations and the “philosophy” of the US regulator of paramount concern to internationally active banks. 

The HKMA may have “expectations” but Hong Kong and other foreign banks are likely to be more sensitive to what the US “expects” as evidenced by its past behavior.   Thus, the HKMA’s appeal is almost certain to collide with banks’ self-interest and certain “objective conditions”.

First, banks are profit oriented not public service institutions despite some manifestly absurd industry positioning / brand development advertising campaigns that are currently running. 

In other words, profit is job #1.  Financial “inclusion” like charity work is well down the list of priorities.  And is a miniscule part of activities.  Thus, despite its ad campaign running on the Bloomberg TV, Bank of America Merrill Lynch doesn’t devote a major portion of its efforts to bring clean water to folks in Africa.

Profit on an account is a function of revenues less costs.

Providing bank accounts and related services is a low margin high volume business. Contrast that with investment banking transactions where the volumes are significantly lower but the margins are immense.  

Considering only operating costs, many SME accounts at best offer marginal profitability. We’re talking about maybe tens of thousands of dollars profit per account for many accounts. 

When the costs of customer due diligence, monitoring, preparing and filing of suspicious transaction reports are included, profit is even less.  Customer due diligence (CDD) at the inception of a relationship is particularly labor intensive.  Much of the subsequent monitoring can be done via computer programs, but at the end of the day someone has to review the reports generated, decide whether to investigate further, and ultimately whether to approach the customer for more information and/or file a suspicious transaction report STR).  

On that score, banks file a good portion of their STRs for defensive (CYA) reasons.  It demonstrates they have a working compliance system.  If something untoward about a customer turns up in the future, the bank can say to the regulators “But I reported to you.  By the way you never got back to me.”  Thus, monitoring “risky” customers taken on to promote financial inclusion may trigger the need for a CYA STR even if the bank thinks the customer is "clean".  One can't be too careful because regulatory hindsight is often more than 20/20.

Fines take a potential bite out of profit.  But by increasing expenses they can also affect the capital a bank is required to maintain for operational risk under the Basel framework.  Lower Basel capital adequacy ratios can affect credit and stock ratings.  Increasing capital can lead to declines in ROE if the profits do not cover the cost of capital.  If capital cannot be increased, then the bank may have to reduce certain other activities (e.g. credit or market risk related) thus reducing income/profit.  

Second, it’s important to remember that banks are free to select or reject customers according to their own criteria.  Even in countries that have laws to prevent discrimination, banks may reject customers as long as the as criteria used are business principles-based, e.g., risk not race and are consistently applied.  Not every applicant for a new loan or new account will get one.  Not every customer with an existing loan will be granted a renewal or extension.  Similarly, not every customer with an account is guaranteed the right to retain it. So the appeal is a request not a command.

Third, there are a variety of objective conditions and not simply bloody-mindedness that are pushing banks to “de-risk”.

Chief among these are regulatory and legal risks, but there are others.

Regulatory Risks.

Billion dollar fines concentrate the minds or bankers quite sharply.  Settlements with regulators include more than fines.  Often settlements are (legally) structured as deferred prosecution agreements or DPAs.  As the name suggests, the DPA holds a sword over the head of the financial institution and compel compliance on an extraterritorial basis.

But don’t take AA’s word for it. 

Here are two 2016 quotes attributed to Assistant Attorney General Leslie Caldwell. “[w]e can require that the banks cooperate with our ongoing investigations, particularly in our investigations of individuals. We can require that such compliance programs and cooperation be implemented worldwide, rather than just in the United States. We can require periodic reporting to a court that oversees the agreements for its terms.”

Under the right circumstances, the government “will not hesitate to tear up a DPA or NPA and file criminal charges, where such action is appropriate and proportional to the breach.”

Here are some illustrative examples of DPAs.  Standard Chartered 2014 with DFS New York State.  The consent order triggered significant de-risking by SCB in the UAE as you may recall.  Here’s  HSBC 2012. 

So if you were a financial institution considering opening or maintaining an account relationship, would one of your key risk mitigation concerns be avoiding the risk that a regulator could suddenly be dictating how you run your business worldwide?  See the requirements in the HSBC DPA Paragraph #5.  Note not only the number of requirements but also the short leash in later points Paras 8 and 14-16. 

But as they say on late night TV.  “Wait there’s more”.

­Civil Lawsuits

Lawsuits such as that against the Arab Bank or the one in progress against HSBC, Barclays, Standard Chartered, the Royal Bank of Scotland and Credit Suisse are no doubt worrisome.  The latter suit is predicated on these banks’ admission of transferring money for Iran which the plaintiffs assert helped finance terrorist attacks against US military personnel in Iraq. There is to my knowledge no assertion that these banks actually transferred money for those attacks.  More here.  

Banks might be forgiven--particularly in light of the Arab Bank case—for questioning whether fair trials or impartial juries are available in certain jurisdictions.

Both the regulatory and legal actions highlight what is perhaps the key factor here.  Banks are subject not only to their own regulators and laws but to those of other countries.  The primary role of the US dollar in international financial transactions exposes not only major international banks but also smaller banks to US enforcement or legal actions.

Staff Risks

International banks operate in many countries.  Staff attitudes toward government regulations vary greatly.  In many countries the population treats their own government's laws and regulations as suggestions rather than binding constraints.  In some countries as a direct challenge to find a creative workaround.  An even more casual attitude often applies to laws of foreign countries.   Bank managements have to deal with the staff they have not the staff they wish they had.  In which case exposure can be neatly mitigated by not doing certain types of business or dealing with certain customers.  Eliminate discretion and one eliminates potential problems.

Recidivism Risk

If a bank is unfortunate enough to have encountered enforcement action, a further “slip” could trigger a severe response from at least one particular country, e.g., “tearing up DPAs” “filing criminal charges” as AAG Caldwell is quoted above.  Or additional fines or additional business conditions imposed.  Or even the threat of such action could cloud an institution’s stock price, customer confidence, etc.  Here’s an example.

Conclusion

When the risk reward ratio is highly skewed, the most effective risk management is risk avoidance.  

I suppose I could construct an RBA for running with scissors. But I will forgo running with scissors rather than “managing the risk” of doing so.  Simply because the potential return is dwarfed by the risk.

Banks are likely to do the same with respect to financial inclusion.   The lesson of Nogales Arizona and other similar stories of US banks closing branches on the US-side of the border with Mexico and “tossing” customers may be illustrative on this point.  Banks are likely to be much less solicitous of foreign than domestic customers. And the solicitude for domestic customers seems minimal in these cases. 

As outlined in the above press report, the US banks apparently claimed that their domestic de-risking was related to revised regulations requiring additional regulatory reporting and closure of “risky” accounts.  If you close your branch, you neatly “solve” both problems. 

China CIPS - How is It Likely to Operate?

March 2016: CIPS and SWIFT Sign the MOU

Introduction:

If you read my previous post, then hopefully you’ve accepted the argument that CIPS is designed as a payment utility (analogous to CHIPS) not as a replacement for SWIFT (a global secure messaging utility).

Thus, if CIPS is an alternative to anything, it is an alternative to currently existing cumbersome methods for parties outside of Mainland China to make and receive RMB payments.

By way of fleshing out this analogy, let’s look a bit closer at CHIPS and how it fits into the domestic US payment system.  CHIPS processes US dollar payments –largely those related to cross border transactions.  FEDWIRE and ACH (for smaller payments that are made in very large numbers, e.g., salaries) handle the bulk of domestic (US) oriented dollar payments. 

Similarly CIPS will handle internationally oriented RMB denominated payments, while CNAPS2--the local equivalent of FEDWIRE-- (primarily) will process domestic oriented RMB payments in the PRC.

Key Results of CIPS Likely Method of Operations

There are four key likely effects:  

1. Requirement that CIPS member banks be located in the PRC.  Banks around the world are not going to be connected to CIPS as they currently are to SWIFT.
2. Reliance by foreign banks wishing to use CIPS on Chinese correspondent banks. 
3. Use of SWIFT means that perceived risks associated with the use of SWIFT are not mitigated. 
4. Negative impact on existing RMB clearing banks and centers, with Hong Kong potentially hard hit.

Domestic Membership:  Like CHIPS, CIPS almost certainly will require that its members (the institutions who can directly enter payment orders into the system and who directly receive payments from the system) be in the PRC (not offshore) and have accounts with the (local) central bank (the PBOC) to settle transactions.  Credit concerns over settlement of transactions, including minimizing systemic risks to the national payment system and economy, and operational needs motivate this requirement.

Reliance on Correspondent Banks: Offshore banks that want to send payments via CIPS will have to maintain RMB accounts with Chinese correspondent banks who are direct CIPS members or with other banks who themselves maintain such accounts.  This latter option is more operationally complex and not one that many banks are likely to take -- unless they have credit concerns about maintaining large balances in accounts subject to PRC jurisdiction.   Offshore banks who want to send USD payments through CHIPS or Sterling payments through London-based CHAPS have a similar reliance on correspondents. 

Use of SWIFT by Foreign Banks: What this means then is those offshore banks are very likely going to use SWIFT to send messages to the correspondents (CIPS direct members) and receive information from CIPS members about transactions via SWIFT just as they do with CHIPS USD transactions. 

If as it  seems, foreign banks will send their payment instructions to CIPS members via SWIFT, then if sanctions or other pressure forces SWIFT to deny a Chinese bank access to SWIFT, that bank will no longer be able to receive SWIFT payment messages from foreign banks or send them messages.  

Potential Use of SWIFT by CIPS:  If CIPS direct participants use SWIFT to send payment instructions to CIPS, then a denial of SWIFT services to Chinese banks could “shut down” CIPS. 

Impact on Perceived Risks Associated with SWIFT Usage:  As I hope is evident, to the extent that SWIFT is used with CIPS, concerns about “spying” or sanctions-induced denial of SWIFT access—assuming that these really exist--are not eliminated.

But note, at this point it’s not clear –at least to AA—if CIPS will 

• rely on SWIFT for such “internal” communications or 
• operate a separate secure communication system of its own.   
• Target, the Europe-based payment system that makes euro denominated payments, uses SWIFT for this purpose.  
• CHIPS has a different model.  It relies on its own secure communication system to send payment instructions to CHIPS.   

Of the two options, I expect that China will adopt the CHIPS model, if not immediately, as soon as it can. 

Problems that both Iran and Russia faced no doubt have been noticed by PRC decision makers.   Iran’s SWIFT access was suspended --now restored in the wake of the nuclear agreement.  US sanctions restricted Russian domestic debit and credit card processing almost all of which was offshore and thus outside of Russian authorities’ control until that processing was subsequently brought onshore.  Calls by the then British PM and other EU entities for Russia to “de-SWIFTed”  threatened the potential shutdown of the country’s SWIFT-based domestic payment system with potentially devastating economic effects, causing the Central Bank of Russia to  introduce a replacement non-SWIFT-based payment national payment system.  

But I think that the Chinese need little “education” on this topic. 

Well before Iran’s or Russia’s problems, the PRC required that domestic credit and debit card transactions be processed by a domestic system. Some of this was likely motivated by a desire to promote local business as well as to limit the risks of reliance on foreigners.

Impact on Clearing Banks and Centers –Particularly Hong Kong: Finally, another often overlooked result of CIPS is the impact on offshore clearing banks. Under the current “clearing bank” arrangement designated banks outside the Mainland handle offshore and cross-border RMB transfers.  Hong Kong is particularly vulnerable as it handles roughly 70% of all offshore RMB transactions.  (Page 7)

Once CIPS is successful, Hong Kong banks (particularly Bank of China Hong Kong) are likely to experience a dramatic fall in transaction volume and fees. Customer RMB deposits are also likely to decline as deposits are shifted to CIPS member correspondent banks on the Mainland. 

Factors that could mitigate that fall are

1. the utility of offshore accounts for “workarounders’” and “investors’” currency exfiltration and infiltration transactions with the mainland, a lot of HK – Mainland trade is actually composed of regulatory avoidance transactions dressed up as trade, 
2. more “legitimate” regulatory planning reasons for maintaining offshore RMB deposits similar to those for offshore US dollar deposits, and 
3. a possible depositor preference for banks and jurisdictions perceived to be more creditworthy and offering more legal protection to depositors than those on the Mainland.